In [48069] the Block Renderer was changed to register a single route for all dynamic blocks. Validation was dynamically applied based on the requested block, but sanitization was not. This commit adds the same sanitization back to the block attributes.
Props manooweb.
Fixes#50620. See #48079.
git-svn-id: https://develop.svn.wordpress.org/trunk@48437 602fd350-edb4-49c9-b593-d223f7449a82
Additionally:
* Correct inline comments per the documentation standards.
* Correct the `@ticket` reference in `tests/feed/atom.php`.
Follow-up to [48429].
See #33591.
git-svn-id: https://develop.svn.wordpress.org/trunk@48435 602fd350-edb4-49c9-b593-d223f7449a82
If a bool/float/int is passed into wp_slash it will be coerced into a string.
This changes the behavior to only slash strings. At the same time, handles recursion a little nicer by calling array_map for arrays.
Fixes#42195, #24106.
Props johnbillion, andizer, jrf, ryotasakamoto, SergeyBiryukov, donmhico, TobiasBg, markoheijnen, ryan, nacin, devesine, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@48433 602fd350-edb4-49c9-b593-d223f7449a82
Metadata that is stored on newlines has the possibility of missing values, so rather then coercing values, we can check for them and then implicity set the values.
Fixes#33591.
Props jonnybot, stevenkword, vtieu, birgire, SergeyBiryukov, davidbaumwald, rebasaurus, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@48429 602fd350-edb4-49c9-b593-d223f7449a82
Improve speed and reduce the memory footprint when loading posts with many revisions.
* Use a direct query in `wp_get_post_autosave` to avoid loading all revisions.
* Query for IDs vs full objects in `register_and_do_post_meta_boxes`.
Props pdfernhout, johnnyb, miqrogroove, ocean90, senatorman, DBrumbaugh10Up, martijn-van-der-kooij, pavelevap, mackensen, mikeyarce, whyisjake.
Fixes#34560.
git-svn-id: https://develop.svn.wordpress.org/trunk@48422 602fd350-edb4-49c9-b593-d223f7449a82
Slashes and HTML encoding could cause some menus not to be updated.
Fixes#48011.
Props zaheerahmad, achyuthajoy, desrosj, pento, SergeyBiryukov, donmhico, audrasjb, birgire, mikeschroder.
git-svn-id: https://develop.svn.wordpress.org/trunk@48416 602fd350-edb4-49c9-b593-d223f7449a82
The `register_meta()` API now officially supports specifying a default metadata value. When `get_metadata()` is called for a meta key that does not yet exist for the object, this default value will be returned instead of an empty string.
A new function is introduced `get_metadata_raw` to retrieve the raw metadata value from the database, without applying the registered default.
Props spacedmonkey, flixos90, rmccue, kadamwhite, mnelson4, johnbillion, chrisvanpatten, TimothyBlynJacobs.
Fixes#43941.
git-svn-id: https://develop.svn.wordpress.org/trunk@48402 602fd350-edb4-49c9-b593-d223f7449a82
The new default_term argument is added to `register_taxonomy()` allowing a user to define the default term `name` and optionally `slug` and `description`.
Fixes#43517.
Props enrico.sorcinelli, SergeyBiryukov, desrosj, davidbaumwald, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@48356 602fd350-edb4-49c9-b593-d223f7449a82
Now that more than 3 months have passed since 2020-03-23, this was causing test failures.
Follow-up to [48242].
See #50321.
git-svn-id: https://develop.svn.wordpress.org/trunk@48333 602fd350-edb4-49c9-b593-d223f7449a82
- Introduce `wp_image_file_matches_image_meta()` utility function to check whether the image meta (retrieved by attachment ID) matches an image path or URI. A mismatch may happen in some cases, for example after the posts have been exported from one website and imported in another.
- Add unit tests for the new function.
- Improve `wp_image_src_get_dimensions()` a bit and use the new function to prevent these edge cases.
Fixes#50543.
git-svn-id: https://develop.svn.wordpress.org/trunk@48329 602fd350-edb4-49c9-b593-d223f7449a82
This makes the property consistent with similar properties of other classes:
* `WP_Comment_Query::$found_comments`
* `WP_Network_Query::$found_networks`
* `WP_Site_Query::$found_sites`
* `WP_User_Query::$total_users`
Props birgire, PressLabs.
Fixes#42469.
git-svn-id: https://develop.svn.wordpress.org/trunk@48328 602fd350-edb4-49c9-b593-d223f7449a82
This test is only relevant for locales using a comma as a decimal separator, while `ja_JP` uses a dot.
Props gh640, johnjamesjacoby, SergeyBiryukov.
Fixes#49690.
git-svn-id: https://develop.svn.wordpress.org/trunk@48317 602fd350-edb4-49c9-b593-d223f7449a82
When a user has registered with incorrect data and got the account deleted immediately, it currently wasn't possible to register with the same login or email address again due to the existing signup entry. They had to wait for two days until the entry gets automatically deleted. Now the associated signup entry gets deleted as part of the account deletion.
Fixes#43232.
git-svn-id: https://develop.svn.wordpress.org/trunk@48315 602fd350-edb4-49c9-b593-d223f7449a82
This further makes the function more consistent with `get_the_ID()` or `wp_get_post_parent_id()`, both returning `false` for a non-existing post.
Additionally, document that `get_post_thumbnail_id()` returns `0` if the thumbnail image is not set.
Follow-up to [47160].
Props theMikeD, dingo_d, netpassprodsr, SergeyBiryukov.
Fixes#49832. See #40096.
git-svn-id: https://develop.svn.wordpress.org/trunk@48310 602fd350-edb4-49c9-b593-d223f7449a82
A multi-type schema is a schema where the `type` keyword is an array of possible types instead of a single type. For instance, `[ 'object', 'string' ]` would allow objects or string values.
In [46249] basic support for these schemas was introduced. The validator would loop over each schema type trying to find a version that matched. This worked for valid values, but for invalid values it provided unhelpful error messages. The sanitizer also had its utility restricted.
In this commit, the validators and sanitizers will first determine the best type of the passed value and then apply the schema with that set type. In the case that a value could match multiple types, the schema of the first matching type will be used.
To maintain backward compatibility, if unsupported schema types are used, the value will always pass validation. A doing it wrong notice is issued in this case.
Fixes#50300.
Props pentatonicfunk, dlh, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@48306 602fd350-edb4-49c9-b593-d223f7449a82
This allows for using multi-type support with a string that has a format. For backwards compatibility support, the format validation will still apply if the type is not specified, or it is invalid.
Two new doing it wrong notices are issued when omitting a type, or using an invalid type.
Props ryotsun.
Fixes#50189.
git-svn-id: https://develop.svn.wordpress.org/trunk@48300 602fd350-edb4-49c9-b593-d223f7449a82
This commit adds a unique ID attribute to script loader generated <script> tags as well as related <script> tags for inline JavaScript, translations, or parameters.
This is a first step in adding support for lazy loading scripts and styles, but for now is only used to assist in debugging generated output.
Props dd32, spacedmonkey.
See #48654.
git-svn-id: https://develop.svn.wordpress.org/trunk@48295 602fd350-edb4-49c9-b593-d223f7449a82
To facilitate inline image editing in Gutenberg, a new endpoint at wp/v2/media/<id>/edit has been introduced. This is functionally similar to the existing ajax image editor, however the REST API editor creates a new attachment record instead of updating an existing attachment.
Fixes#44405.
Props ajlende, ellatrix, spacedmonkey, azaozz.
git-svn-id: https://develop.svn.wordpress.org/trunk@48291 602fd350-edb4-49c9-b593-d223f7449a82
* Make sure `test_wp_list_pages_number()` sorts by ID, as there are several pages with the same title.
* Limit `test_wp_list_pages_sort_column()` to one level, as the child page fixtures don't have an author and cannot be reliably sorted by `post_author`.
Follow-up to [48157].
Props afercia.
See #50466.
git-svn-id: https://develop.svn.wordpress.org/trunk@48280 602fd350-edb4-49c9-b593-d223f7449a82
After working on support for register_block_type_args filter in #49615, it became clear that we need to use init action for core blocks to make it possible to use this filter.
Fixes#50263.
git-svn-id: https://develop.svn.wordpress.org/trunk@48279 602fd350-edb4-49c9-b593-d223f7449a82
This allows for programatically determining the REST version of the current page. The links also aid human discovery of the REST API in general.
Props dshanske, tfrommen, TimothyBlynJacobs.
Fixes#49116.
git-svn-id: https://develop.svn.wordpress.org/trunk@48273 602fd350-edb4-49c9-b593-d223f7449a82
With this changeset, in addition to the already present `wp_lazy_loading_enabled` filter, developers can now opt out of lazy-loading template images via `wp_get_attachment_image()` by passing a `loading` attribute with boolean value `false`. This can be used e.g. by theme developers on images which are very likely to be in the initial viewport.
This changeset also improves related test coverage.
Props adamsilverstein, azaozz, joemcgill, johnbillion.
See #50425, #44427.
git-svn-id: https://develop.svn.wordpress.org/trunk@48272 602fd350-edb4-49c9-b593-d223f7449a82
Adds possibility to filter the settings of a block type during its registration.
Props aduth, azaozz.
Fixes#49615.
git-svn-id: https://develop.svn.wordpress.org/trunk@48263 602fd350-edb4-49c9-b593-d223f7449a82
These endpoints facilitate the Block Directory Inserter feature in Gutenberg. Users can now install, activate, deactivate, and delete plugins over the REST API. The block directoryendpoint allows searching for available blocks from the WordPress.org block directory.
Props cklee, talldanwp, noisysocks, joen, soean, youknowriad, dufresnesteven, gziolo, dd32, tellyworth, ryelle, spacedmonkey, TimothyBlynJacobs.
Fixes#50321.
git-svn-id: https://develop.svn.wordpress.org/trunk@48242 602fd350-edb4-49c9-b593-d223f7449a82
Following up on [48170], this changeset moves the new logic to add missing `img` dimension attributes into a separate function that is run first within `wp_filter_content_tags()`. It also adds a utility function `wp_image_src_get_dimensions()` with logic reused from `wp_image_add_srcset_and_sizes()`, and it ensures that `width` and `height` attributes only get added if both of the attributes are missing on the original `img` tag.
This changeset furthermore improves test coverage and separates tests for the different aspects of `img` tag modification.
Props azaozz.
Fixes#50367. See #44427.
git-svn-id: https://develop.svn.wordpress.org/trunk@48237 602fd350-edb4-49c9-b593-d223f7449a82
This addresses an inconsistency where 0 could mean one of the three scenarios:
* Invalid comment ID.
* Invalid comment post ID.
* No DB rows updated. This is not an error and should not be treated as one.
With this change, `wp_update_comment()` always returns either `false` or a `WP_Error` object on failure, depending on the value of the `$wp_error` parameter.
Follow-up to [48154], [48215], [48216], [48218], [48230].
Props dd32, jnylen0, enrico.sorcinelli.
Fixes#39732. See #38700, #39735.
git-svn-id: https://develop.svn.wordpress.org/trunk@48235 602fd350-edb4-49c9-b593-d223f7449a82
Restoring the hook-related globals to their state at `setUp()` is addressed by `WP_UnitTestCase_Base::_restore_hooks()`.
Follow-up to [48154].
See #39732.
git-svn-id: https://develop.svn.wordpress.org/trunk@48222 602fd350-edb4-49c9-b593-d223f7449a82
This makes the behavior consistent with that of locked posts, which can't be deleted via the list tables when another user is editing them.
Props dlh.
Fixes#50501.
git-svn-id: https://develop.svn.wordpress.org/trunk@48211 602fd350-edb4-49c9-b593-d223f7449a82
* `get_header()`
* `get_footer()`
* `get_sidebar()`
* `get_template_part()`
These functions now return false if the template file could not be found, to allow for easier debugging.
Props tferry, sphakka, johnbillion, pento, davidbinda, desrosj, birgire, garrett-eclipse, williampatton, davidbaumwald, SergeyBiryukov.
Fixes#40969.
git-svn-id: https://develop.svn.wordpress.org/trunk@48209 602fd350-edb4-49c9-b593-d223f7449a82
This endpoint allows a user to retrieve the block type definition for all server-side registered block types.
Props spacedmonkey, aduth, gziolo, ocean90, TimothyBlynJacobs.
Fixes#47620.
git-svn-id: https://develop.svn.wordpress.org/trunk@48173 602fd350-edb4-49c9-b593-d223f7449a82
Currently themes can declare support for a given feature by using add_theme_support(). This commit adds a register_theme_feature() API that allows plugins and WordPress Core to declare a list of available features that themes can support.
The REST API uses this to expose a theme's supported features if the feature has been registered with "show_in_rest" set to true.
Props kadamwhite, spacedmonkey, williampatton, desrosj, TimothyBlynJacobs.
Fixes#49406.
git-svn-id: https://develop.svn.wordpress.org/trunk@48171 602fd350-edb4-49c9-b593-d223f7449a82
This changeset ensures that attachment images which are inserted without `width` and `height` attributes still receive them in the frontend, to reduce cumulative layout shift. Adding the dimensions happens as part of the logic for adding `srcset` and `sizes` attributes, which already assume the specific width and height of the respective image.
Images are now only lazy-loaded if they have `width` and `height` attributes present. While missing these attributes itself is what causes layout shifts, lazy-loading such images can make this problem more apparent to the user.
Props adamsilverstein, westonruter.
Fixes#50367. See #44427.
git-svn-id: https://develop.svn.wordpress.org/trunk@48170 602fd350-edb4-49c9-b593-d223f7449a82
The `wp_update_comment_data` filter introduced in 4.7 allows comment data to be filtered before it is updated in the database.
The patch aims to handle `WP_Error` as the filter above return value in a similar manner as is done for `wp_new_comment()`.
Fixes#39732.
Props: enricosorcinelli, swissspidy, gkloveweb, jnylen0, jbpaul17, afercia, SergeyBiryukov, audrasjb, imath, davidbaumwald.
git-svn-id: https://develop.svn.wordpress.org/trunk@48154 602fd350-edb4-49c9-b593-d223f7449a82
This makes the API a little more clear, whereas setting `false` used to mean `asc` and `true` meant `desc`, you can now use those directly, while maintaining back-compat.
Fixes#45089.
Props Tkama, SergeyBiryukov, shital-patel, desrosj, birgire, davidbaumwald.
git-svn-id: https://develop.svn.wordpress.org/trunk@48151 602fd350-edb4-49c9-b593-d223f7449a82
Also, remove the `version` argument from the `wp.deprecated()` call in `password-strength-meter.js`. This argument is for specifying the version a feature will be removed, not when the feature was removed.
Props hareesh-pillai.
Fixes#50413.
git-svn-id: https://develop.svn.wordpress.org/trunk@48124 602fd350-edb4-49c9-b593-d223f7449a82
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes#50413.
git-svn-id: https://develop.svn.wordpress.org/trunk@48121 602fd350-edb4-49c9-b593-d223f7449a82
The merging behavior which assigns the `layout` attribute in `WP_Block_Type` gets removed.
Props aduth, TimothyBlynJacobs.
Fixes#50257.
git-svn-id: https://develop.svn.wordpress.org/trunk@48118 602fd350-edb4-49c9-b593-d223f7449a82
Partially reverts [48059] as there's no full consensus on the removal of the text prefix. Further actions should be taken to improve consistency and accessibility of the admin notices. Keeps some improvements to the translatable strings from [48059].
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48115 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that `$pages` and other globals are only used after they have been set up in `setup_postdata()`.
Follow-up to [44941].
Props tessawatkinsllc, dontdream, spacedmonkey, squarecandy, davidbaumwald, SergeyBiryukov.
Fixes#47824. See #42814.
git-svn-id: https://develop.svn.wordpress.org/trunk@48114 602fd350-edb4-49c9-b593-d223f7449a82
The important part here is calling `the_content()` after setting up post data for another post without updating global `$post`.
The `foreach()` loop is not necessary.
Follow-up to [UT1289].
See #47824, #24330.
git-svn-id: https://develop.svn.wordpress.org/trunk@48113 602fd350-edb4-49c9-b593-d223f7449a82
Enables developers to determine whether a section of CSS should be allowed or discarded. By default, the value will be false if the part contains \ ( & } = or comments. Returning true allows the CSS part to be included in the output.
Replaces the `safe_style_disallowed_chars` filter introduced in r47891.
Props azaozz.
Fixes#37134.
git-svn-id: https://develop.svn.wordpress.org/trunk@48086 602fd350-edb4-49c9-b593-d223f7449a82
While web crawlers are able to discover pages from links within the site and from other sites, XML sitemaps supplement this approach by allowing crawlers to quickly and comprehensively identify all URLs included in the sitemap and learn other signals about those URLs using the associated metadata.
See https://make.wordpress.org/core/2020/06/10/merge-announcement-extensible-core-sitemaps/ for more details.
This feature exposes the sitemap index via `/wp-sitemap.xml` and exposes a variety of new filters and hooks for developers to modify the behavior. Users can disable sitemaps completely by turning off search engine visibility in WordPress admin.
This change also introduces a new `esc_xml()` function to escape strings for output in XML, as well as XML support to `wp_kses_normalize_entities()`.
Props Adrian McShane, afragen, adamsilverstein, casiepa, flixos90, garrett-eclipse, joemcgill, kburgoine, kraftbj, milana_cap, pacifika, pbiron, pfefferle, Ruxandra Gradina, swissspidy, szepeviktor, tangrufus, tweetythierry.
Fixes#50117.
See #3670. See #19998.
git-svn-id: https://develop.svn.wordpress.org/trunk@48072 602fd350-edb4-49c9-b593-d223f7449a82
Every block has a different set of attributes. These attributes are specified as a JSON Schema object. Previously, every block registered its own block renderer route using its attributes for the schema. This allowed for the attributes to be validated using the built in endpoint validation rules. It had the unfortunate side effect, however, of creating a large number of nearly identical REST API routes, one for each dynamic block. Each registered route has a performance impact. As the number of server side blocks goes up, this becomes more and more of an issue.
Now, we register a single block renderer route and dynamically validate the attributes based on the selected block.
Fixes#48079.
Props gziolo, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@48069 602fd350-edb4-49c9-b593-d223f7449a82
Additionally, this adds a few tests to test output.
Fixes#20009.
Props mfields, scribu, azaozz, obenland, dd32, nacin, jrf, jdgrimes, garyj, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@48060 602fd350-edb4-49c9-b593-d223f7449a82
For a number of years, most of the WordPress error messages have been prefixed with "Error:". However, these messages appear in a context where it's already clear an error occurred. Whether it's an error, a warning, or any other classification, that's not so relevant for users. The content of the message is the relevant part. The "Error:" prefix doesn't add great value while it does add unnecessary complexity for the message readability.
Also, revises some of these messages to improve clarity and removes HTML from translatable strings.
Props garrett-eclipse, ramiy, SergeyBiryukov, afercia, sabernhardt, quadthemes, audrasjb.
See #47003, #43037, #42945, #15887.
Fixes#47656.
git-svn-id: https://develop.svn.wordpress.org/trunk@48059 602fd350-edb4-49c9-b593-d223f7449a82
The filter allows custom post types associated with the `category` taxonomy to opt in to requiring a default category, same as regular posts.
Props enrico.sorcinelli.
Fixes#43516.
git-svn-id: https://develop.svn.wordpress.org/trunk@48043 602fd350-edb4-49c9-b593-d223f7449a82
Now that WordPress Core supports PHP >= 5.6, the PHPMailer library can be updated to the latest version.
The PHPMailer files now reside in a new directory, `wp-includes/PHPMailer`. These files are copied verbatim from the library upstream and will make updating in the future easier. For backwards compatibility, the old files will remain and trigger deprecated file warnings.
The PHPMailer class is also now under the `PHPMailer\PHPMailer\PHPMailer` namespace. The `PHPMailer` class in the global namespace has been aliased for a seamless transition.
This upgrade also clears up a handful of PHP compatibility issues detailed in #49922.
For a full list of changes, see the PHPMailer GitHub: https://github.com/PHPMailer/PHPMailer/compare/v5.2.27...v6.1.6.
Props Synchro, SergeyBiryukov, desrosj, donmhico, ayeshrajans.
Fixes#41750.
git-svn-id: https://develop.svn.wordpress.org/trunk@48033 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the REST API would end up deleting each row of metadata and recreating it unnecessarily. This was caused by a type mismatch where the metadata API would always return a string value, and the REST API operated on a typed value.
The REST API now applies the same sanitization and type casting for "multiple" meta keys and "single" meta keys.
Fixes#49339.
Props renathoc.
git-svn-id: https://develop.svn.wordpress.org/trunk@47943 602fd350-edb4-49c9-b593-d223f7449a82
Many caching backend have support for multiple gets in a single request. This brings that support to core, with a compatability fallback that will loop over requests if needed.
Fixes: #20875.
Props: nacin, tollmanz, wonderboymusic, ryan, jeremyfelt, spacedmonkey, boonebgorges, dd32, rmccue, ocean90, jipmoors, johnjamesjacoby, tillkruess, donmhico, davidbaumwald, SergeyBiryukov, whyisjake.
git-svn-id: https://develop.svn.wordpress.org/trunk@47938 602fd350-edb4-49c9-b593-d223f7449a82
By saving `$wpdb->insert_id` to a variable, we make sure the ID does not change if another database insert is performed on the `clean_site_cache` action.
Props trepmal.
Fixes#50324.
git-svn-id: https://develop.svn.wordpress.org/trunk@47932 602fd350-edb4-49c9-b593-d223f7449a82
When the themes controller was introduced it only returned a theme's supported features. This adds the majority of a theme's header information to the response.
Props ockham, spacedmonkey.
Fixes#49906.
git-svn-id: https://develop.svn.wordpress.org/trunk@47921 602fd350-edb4-49c9-b593-d223f7449a82
* Add new var $valid_schema_properties to match rest_validate_value_from_schema()
* Unit test to ensure all valid properties exists, and non-valid properties are ignored
Fixes: #50301.
Props: pentatonicfunk, TimothyBlynJacobs.
git-svn-id: https://develop.svn.wordpress.org/trunk@47911 602fd350-edb4-49c9-b593-d223f7449a82
Enable developers to change the regex used in `safecss_filter_attr` to limit characters in the parsed CSS.
Props paulschreiber, swissspidy, rmccue, bartekcholewa, miinasikk.
Fixes#37134.
git-svn-id: https://develop.svn.wordpress.org/trunk@47891 602fd350-edb4-49c9-b593-d223f7449a82
With the minimum PHP version requirement set to 5.6 we're now able to use namespaces by default. This replaces `PHPUnit_Framework_TestCase` with `PHPUnit\Framework\TestCase` for `WP_UnitTestCase_Base` to solve autocompletion issues with code editors when using more recent PHPUnit versions. `PHPUnit\Framework\TestCase` is available since PHPUnit 5.4 and now the minimum required PHPUnit version.
Fixes#50236.
git-svn-id: https://develop.svn.wordpress.org/trunk@47880 602fd350-edb4-49c9-b593-d223f7449a82
As part of #47620 and the RFC for block registeration. Server registered blocks are missing some fields. These changeset includes them.
Props spacedmonkey, aduth.
Fixes#48529.
git-svn-id: https://develop.svn.wordpress.org/trunk@47875 602fd350-edb4-49c9-b593-d223f7449a82
Rather than consulting the post type object, let `map_meta_cap()` handle that for us.
Props peterwilsoncc, ocean90.
Fixes#50128.
See #23226.
git-svn-id: https://develop.svn.wordpress.org/trunk@47850 602fd350-edb4-49c9-b593-d223f7449a82
An instance of `WP_HTTP_Response` doesn't ensure that the required methods used in `WP_REST_Server::dispatch()` exist, currently causing a fatal error.
Props ali11007, TimothyBlynJacobs, ocean90.
Fixes#49495.
git-svn-id: https://develop.svn.wordpress.org/trunk@47849 602fd350-edb4-49c9-b593-d223f7449a82
The PR will corerce routes that have a leading slash and throwing a `_doing_it_wrong` notice while ensuring a proper namespace.
Fixes#49749.
Props TimothyBlynJacobs, skarabeq, afercia.
git-svn-id: https://develop.svn.wordpress.org/trunk@47842 602fd350-edb4-49c9-b593-d223f7449a82
Allow users without the `unfiltered_html` capability to use the `playsinline` attribute when embedding videos.
Additionally this adds unit tests for passing the video element through kses.
Fixes#50167. See #29826.
git-svn-id: https://develop.svn.wordpress.org/trunk@47837 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the WP_REST_Request object validated that top-level properties were defined, but this did not extend to those object's required properties. This adds validation to rest_validate_value_from_schema() directly.
Both the v3 and v4 JSON Schema syntax for required properties is supported.
Props sorenbronsted.
Fixes#48818.
git-svn-id: https://develop.svn.wordpress.org/trunk@47809 602fd350-edb4-49c9-b593-d223f7449a82
The logic for skipping previously removed meta boxes with the `core` priority should also apply to the `sorted` priority that is used when the boxes were manually reordered.
Add a unit test.
Props coolmann, franzarmas, SergeyBiryukov.
Fixes#50019.
git-svn-id: https://develop.svn.wordpress.org/trunk@47777 602fd350-edb4-49c9-b593-d223f7449a82
This avoids displaying duplicate content of the home page under different URLs with appended page numbers.
This change only affects the `<!--nextpage-->` pagination (`page` query variable) and not the regular multiple posts pagination (`paged` query variable).
The posts page does not support the `<!--nextpage-->` pagination, so requests for invalid page numbers should be redirected to the page permalink, applying the logic previously implemented for single posts or pages.
Follow-up to [34492], [47727].
Props jeremyfelt, sachit.tandukar, SergeyBiryukov.
Fixes#45337. See #40773, #28081, #11694.
git-svn-id: https://develop.svn.wordpress.org/trunk@47760 602fd350-edb4-49c9-b593-d223f7449a82
The array type, multi-types, and the additional properties keyword are now supported. Additionally, the filter recurses to an infinite depth.
Fixes#48819.
git-svn-id: https://develop.svn.wordpress.org/trunk@47758 602fd350-edb4-49c9-b593-d223f7449a82
Rendering a block is idempotent, so a GET is the most natural request method. However, the maximum length of URLs prevented blocks with large attributes from being rendered.
Props ryankienstra.
Fixes#49680.
git-svn-id: https://develop.svn.wordpress.org/trunk@47756 602fd350-edb4-49c9-b593-d223f7449a82
This accepts a uuid of any version. A future commit could add support for restricting uuids to a specific version.
Props johnwatkins0.
Fixes#50053.
git-svn-id: https://develop.svn.wordpress.org/trunk@47753 602fd350-edb4-49c9-b593-d223f7449a82
This brings the behaviour inline with that of browsing terms or using the All Items tab, which correctly shows empty terms.
Props birgire, audrasjb
Fixes#45298
git-svn-id: https://develop.svn.wordpress.org/trunk@47747 602fd350-edb4-49c9-b593-d223f7449a82
This avoids displaying duplicate content of the same post under different URLs and ensures the canonical URL is correct.
Previously, requests for invalid page numbers were only redirected to the post permalink if the post was actually paginated using the `<!--nextpage-->` marker.
Follow-up to [34492].
Props jeremyfelt, prografika, sachit.tandukar, subrataemfluence, hronak, ekatherine, henry.wright, chesio, dd32, SergeyBiryukov.
Fixes#40773. See #45337, #28081, #11694.
git-svn-id: https://develop.svn.wordpress.org/trunk@47727 602fd350-edb4-49c9-b593-d223f7449a82
This solution extends the wp_insert_post_data filter to pass in addition to the slashed/sanitized/processed data, and the slashed/sanitized/unprocessed data, to also pass the initial slashed/unsanitized/unprocessed data which was passed into wp_insert_post(). This then allows plugins to have complete control over how sanitization is performed based on the post type.
Props westonruter, peterwilsoncc, sstoqnov, whyisjake, xknown.
git-svn-id: https://develop.svn.wordpress.org/trunk@47633 602fd350-edb4-49c9-b593-d223f7449a82
Add unit tests for `wp_handle_comment_submission()` and `wp_insert_comment()` receiving an empty type.
Follow-up to [47597].
Props ocean90, imath.
Fixes#49236.
git-svn-id: https://develop.svn.wordpress.org/trunk@47626 602fd350-edb4-49c9-b593-d223f7449a82
Switch to `home_url()` for consistency with other tests and to avoid confusion.
Props david.binda.
Fixes#49988.
git-svn-id: https://develop.svn.wordpress.org/trunk@47615 602fd350-edb4-49c9-b593-d223f7449a82
This is the first step to bring support for custom comment types into WordPress.
Add a scheduled upgrade routine to update the type value for existing comments, in batches of 100 at a time.
Props imath, aaroncampbell, jeremyfelt, dshanske.
Fixes#49236.
git-svn-id: https://develop.svn.wordpress.org/trunk@47597 602fd350-edb4-49c9-b593-d223f7449a82
A request has multiple parameter types, including "query" and "json." Updating a parameter could previously modify a key's value in the wrong parameter type, leading to confusing and self-contradictory response objects.
Props mnelson4, TimothyBlynJacobs, vagios, jnylen0.
Fixes#40838.
git-svn-id: https://develop.svn.wordpress.org/trunk@47559 602fd350-edb4-49c9-b593-d223f7449a82
The test incorrectly describes the behavior of `current_theme_supports( 'post-thumbnails' )` and only passes by accident.
Follow-up to [30148].
Fixes#49801.
git-svn-id: https://develop.svn.wordpress.org/trunk@47548 602fd350-edb4-49c9-b593-d223f7449a82
r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews.
Props sorenbronsted, yohannp, TimothyBlynJacobs.
Fixes#49645.
git-svn-id: https://develop.svn.wordpress.org/trunk@47547 602fd350-edb4-49c9-b593-d223f7449a82
Previously elements would be a mixture of strings and integers depending on their numeric value.
Props progremzion, m.usama.masood
Fixes#48093
git-svn-id: https://develop.svn.wordpress.org/trunk@47526 602fd350-edb4-49c9-b593-d223f7449a82
Use rest_is_field_included when determining which additional fields to include to permit filtering by nested field properties.
Props Dudo, kadamwhite, TimothyBlynJacobs.
Fixes#49648.
git-svn-id: https://develop.svn.wordpress.org/trunk@47511 602fd350-edb4-49c9-b593-d223f7449a82
This complements `wpdb::db_version()`, which only returns a numeric version string and strips any additional information, e.g. vendor name.
Props clarinetlord, birgire, webaware, pento.
Fixes#40037. See #27703.
git-svn-id: https://develop.svn.wordpress.org/trunk@47451 602fd350-edb4-49c9-b593-d223f7449a82
URL polyfill from the polyfill-library library is not spec-conformant, in a way which negatively impacts its usability for pending revisions to the block editor. Specifically, there were revisions to the implementation of the wp-url script to detect URL validity by relying on thrown errors from the URL constructor, but this specific behavior is not implemented in this version of the polyfill.
There was another issue in r47238, which is that the test used to check whether the polyfill should be included is not accurate. This commit uses a different check and fixes the issue.
Props aduth.
Fixes: #49360.
git-svn-id: https://develop.svn.wordpress.org/trunk@47416 602fd350-edb4-49c9-b593-d223f7449a82
The parameter was previously used as the number of comments, marked as deprecated in [5101].
Given that it's been deprecated for the last 13 years, it should be safe to undeprecate and repurpose it for a cleaner function signature, instead of adding a fifth parameter.
Follow-up to [47276].
Fixes#48772.
git-svn-id: https://develop.svn.wordpress.org/trunk@47366 602fd350-edb4-49c9-b593-d223f7449a82
Permit passing an empty object as the string "?obj=". The type of the passed empty argument is inferred from the registered schema.
Props TimothyBlynJacobs, steffanhalv, schlessera, dd32.
Fixes#42961.
git-svn-id: https://develop.svn.wordpress.org/trunk@47362 602fd350-edb4-49c9-b593-d223f7449a82
Check a more exhaustive list of post type editing caps beyond "edit_post" to ensure custom user roles with access to to specific post types may still use block editor functionality depending on theme features.
Props miyauchi, TimothyBlynJacobs.
Fixes#46723.
git-svn-id: https://develop.svn.wordpress.org/trunk@47361 602fd350-edb4-49c9-b593-d223f7449a82
Several filters were introduced to the render_block method since the initial implementation of the block-renderer/ endpoints, causing the output of those endpoints to diverge from the rendered content of blocks on the frontend.
Props kadamwhite, TimothyBlynJacobs, miinasikk.
Fixes#49387.
git-svn-id: https://develop.svn.wordpress.org/trunk@47360 602fd350-edb4-49c9-b593-d223f7449a82
This resolves PHP notices in a few places in core where this capability is checked.
Props Mte90, johnbillion, dipesh.kakadiya, jipmoors, bamadesigner, dd32, johnjamesjacoby, xedin.unknown, flixos90, SergeyBiryukov.
Fixes#30991.
git-svn-id: https://develop.svn.wordpress.org/trunk@47357 602fd350-edb4-49c9-b593-d223f7449a82
Following [47260] a namespace such as "test-ns" prevents any namespace such as "test-ns/v1" from being found when matching routes.
While not best practice, this was an unintentional back-compat break; this patch restores the original behavior.
Props david.binda, TimothyBlynJacobs.
Fixes#48530.
git-svn-id: https://develop.svn.wordpress.org/trunk@47351 602fd350-edb4-49c9-b593-d223f7449a82
All schema types, not just objects, are permitted as the base type of a resource. A future patch could add validation support for those types, but this fix only prevents a PHP warning from being issued.
Props dhavalkasvala, johnwatkins0, birgire.
Fixes#48785.
git-svn-id: https://develop.svn.wordpress.org/trunk@47328 602fd350-edb4-49c9-b593-d223f7449a82
The documentation for register_setting has also been clarified to include all of the supported types and the flexibility of the show_in_rest parameter.
Fixes#42875.
Props perrywagle, dshanske, kadamwhite.
git-svn-id: https://develop.svn.wordpress.org/trunk@47325 602fd350-edb4-49c9-b593-d223f7449a82
`assertSame()` doesn't have the `$delta` parameter, only `assertEquals()` does.
Follow-up to [47313].
See #40364.
git-svn-id: https://develop.svn.wordpress.org/trunk@47318 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that `wp_update_post()` does not unintentionally modify post tags if the post has several tags with the same name but different slugs.
Tags should only be modified if `tags_input` parameter was explicitly provided, and is different from the existing tags.
Props kaggdesign, SergeyBiryukov.
Fixes#45121.
git-svn-id: https://develop.svn.wordpress.org/trunk@47317 602fd350-edb4-49c9-b593-d223f7449a82
This allow for using these functions outside of the loop.
Props donmhico, garrett-eclipse, Hinjiriyo, imath.
Fixes#48772.
git-svn-id: https://develop.svn.wordpress.org/trunk@47276 602fd350-edb4-49c9-b593-d223f7449a82
* `erase_others_personal_data`
* `export_others_personal_data`
* `manage_privacy_options`
Previously mapped to `manage_options` or `manage_network` (on Multisite), these are now added to the Administrator role separately.
Additionally, `manage_privacy_options` is added to the Editor role.
Props garrett-eclipse, xkon, pbiron, desrosj, johnbillion, flixos90, juliobox, lakenh, Ov3rfly, ianatkins.
Fixes#44176.
git-svn-id: https://develop.svn.wordpress.org/trunk@47269 602fd350-edb4-49c9-b593-d223f7449a82
register_rest_field can be used to add properties to a schema, but no mechanism existed to alter existing properties like "content".
Running the schema through this filter lets plugins append additional sub-properties to existing schema definitions.
Props luisherranz, TimothyBlynJacobs, swissspidy, westonruter, kadamwhite.
Fixes#47779.
git-svn-id: https://develop.svn.wordpress.org/trunk@47265 602fd350-edb4-49c9-b593-d223f7449a82
Rule out groups of API endpoints by simple namespace string comparison to reduce the number of regex checks necessary when matching a route.
Props TimothyBlynJacobs.
Fixes#48530.
git-svn-id: https://develop.svn.wordpress.org/trunk@47260 602fd350-edb4-49c9-b593-d223f7449a82
Fully list which first-party core theme features are supported in the /themes endpoint response. This brings the REST API themes controller's response more in line with the output of get_theme_support().
Props adamboro, apieschel, koke, spacedmonkey, TimothyBlynJacobs.
See #49037.
git-svn-id: https://develop.svn.wordpress.org/trunk@47258 602fd350-edb4-49c9-b593-d223f7449a82
This adds a progress indicator for "Download Personal Data" and "Erase Personal Data" row actions, which can take a while with a lot of data.
Props garrett-eclipse, allendav, dominic_ks, xkon, karmatosed, birgire.
Fixes#44264.
git-svn-id: https://develop.svn.wordpress.org/trunk@47246 602fd350-edb4-49c9-b593-d223f7449a82
The function returns an instance of the `WP_User_Request` object itself, not its `$request_data` property.
Follow-up to [44606].
Props garrett-eclipse.
Fixes#46302.
git-svn-id: https://develop.svn.wordpress.org/trunk@47245 602fd350-edb4-49c9-b593-d223f7449a82
Previously the REST API did not account for server configurations where the Authorization header must be added using ModRewrite. This caused major DUX issues when trying to use custom authentication mechanisms.
Fixes#47077.
Props dshanske, cklosows.
git-svn-id: https://develop.svn.wordpress.org/trunk@47239 602fd350-edb4-49c9-b593-d223f7449a82
Pending block editor revisions for WordPress 5.4 will make use of `window.URL` and `window.DOMRect`. These are not available in Internet Explorer (or pre-Chromium Edge for `DOMRect`) and must be polyfilled to avoid script errors.
The changes make use of the existing polyfill pattern, and existing `polyfill-library` dependency. The dependency is bumped to the latest version, since the previous version did not include the `DOMRect` polyfill.
Props jorgefilipecosta.
Fixes#49360.
git-svn-id: https://develop.svn.wordpress.org/trunk@47238 602fd350-edb4-49c9-b593-d223f7449a82
Session tokens contain an IP address and user agent.
Props garrett-eclipse, nickylimjj, lakenh, xkon, rconde.
Fixes#45889.
git-svn-id: https://develop.svn.wordpress.org/trunk@47237 602fd350-edb4-49c9-b593-d223f7449a82
The value is used by the WordPress Events and News widget to show relevant WP community events.
The location information may include an IP address, location description, and latitude/longitude coordinates.
Props garrett-eclipse, coreymckrill, xkon.
Fixes#43921.
git-svn-id: https://develop.svn.wordpress.org/trunk@47236 602fd350-edb4-49c9-b593-d223f7449a82
When used as a noun referring to the "virtual" place, `Trash` should be capitalized.
Props garrett-eclipse, aandrewdixon, Presskopp.
Fixes#45317.
git-svn-id: https://develop.svn.wordpress.org/trunk@47233 602fd350-edb4-49c9-b593-d223f7449a82
Previously the _embed flag would embed all embeddable links in a response even if only a subset of the links were necessary. Now, a list of link relations can be passed in the _embed parameter to restrict the list of embedded objects.
Props rheinardkorf, adamsilverstein, jnylen0, cklosows, chrisvanpatten, TimothyBlynJacobs.
Fixes#39696.
git-svn-id: https://develop.svn.wordpress.org/trunk@47224 602fd350-edb4-49c9-b593-d223f7449a82
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.
This commit also includes:
* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
* `wp-admin/admin-header.php`
* `wp-admin/admin-footer.php`
* `wp-includes/version.php`
Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes#48082.
git-svn-id: https://develop.svn.wordpress.org/trunk@47198 602fd350-edb4-49c9-b593-d223f7449a82
This allows the icons to be retrieved via `get_post_type_object()`.
Props m.usama.masood, michael.ecklund, SergeyBiryukov.
Fixes#38844.
git-svn-id: https://develop.svn.wordpress.org/trunk@47196 602fd350-edb4-49c9-b593-d223f7449a82
Since MySQL 5.7, InnoDB engine supports `FULLTEXT` indexes, so forcing MyISAM is unnecessary.
Follow-up to [47193], which addressed the issue in `Tests_dbDelta::setUp()`, but missed other tests.
Props xkon, joonasvanhatapio, SergeyBiryukov.
Fixes#49367.
git-svn-id: https://develop.svn.wordpress.org/trunk@47195 602fd350-edb4-49c9-b593-d223f7449a82
* MySQL 8.0.11 changed the `GeometryCollection` data type name to `GeomCollection`, with the latter being the preferred name.
* MySQL 8.0.17 removed support for the display width attribute for integer data types. Previously, default display width of 20 digits was used: `BIGINT(20)`.
The affected tests now check the MySQL server version and use the appropriate data types.
This leaves one unresolved failure on MySQL 8.0.17+ to be addressed in the future, caused by the same `BIGINT` display width discrepancy coming from `wp_get_db_schema()`.
Props kaggdesign, ottok, jeremyfelt, SergeyBiryukov.
Fixes#44384, #49344. See #49364.
git-svn-id: https://develop.svn.wordpress.org/trunk@47184 602fd350-edb4-49c9-b593-d223f7449a82
MySQL 8.0.11 removed support for the `NO_AUTO_CREATE_USER` SQL mode, which was used in as an example of a mode compatible with WordPress.
`NO_AUTO_VALUE_ON_ZERO` is now used in the affected tests instead, which is supported on both MySQL 5.7.x and 8.0.x.
Props kaggdesign, jeremyfelt, afragen.
Fixes#44586. See #49344.
git-svn-id: https://develop.svn.wordpress.org/trunk@47183 602fd350-edb4-49c9-b593-d223f7449a82
If the post status is not registered, assume it's not public, but still allow access to users with edit permissions (same as for a protected post status, e.g. `draft`), so that they could recover orphaned content.
Add unit tests.
Follow-up to [47178].
Props roytanck, SergeyBiryukov.
Fixes#48653.
git-svn-id: https://develop.svn.wordpress.org/trunk@47181 602fd350-edb4-49c9-b593-d223f7449a82
With `map_meta_cap` enabled for a post type, the `read_post` capability for posts with a public status is supposed to be mapped to the post type's `read` capability.
When a post is left in the database after the post status is no longer present, and WP does a `read_post` check against it, a PHP notice was thrown, and the cap check always failed.
As a more graceful fallback, the cap is now mapped onto `edit_others_posts`, which allows highly privileged users to be able to access orphaned content.
A `_doing_it_wrong()` notice is also added, so that developers and site administrators are aware that the cap mapping is failing in the absence of the registered post status.
Follow-up to [34091], which introduced a similar approach to checking mapped caps against an unregistered post type.
Props roytanck, SergeyBiryukov.
Fixes#48653.
git-svn-id: https://develop.svn.wordpress.org/trunk@47178 602fd350-edb4-49c9-b593-d223f7449a82
Core did not include the navigation block PHP files.
This commit fixes the issue referred, and now the navigation block is executed on the frontend. The block still does not work as expected and throws an error during frontend execution. That problem is going to be fixed on the next WordPress package update.
This commit adds the file as it is on the npm package used.
Props gziolo.
Fixes#49348.
git-svn-id: https://develop.svn.wordpress.org/trunk@47176 602fd350-edb4-49c9-b593-d223f7449a82
This makes the function more consistent with `get_the_ID()` or `wp_get_post_parent_id()`, both returning an integer.
Props 0v3rth3d4wn.
Fixes#40096.
git-svn-id: https://develop.svn.wordpress.org/trunk@47160 602fd350-edb4-49c9-b593-d223f7449a82
Using all caps should be avoided for better readability and because screen readers may pronounce all-caps words as abbreviations.
Props afercia, ryokuhi, sabernhardt, garrett-eclipse.
See #47656, #43037, #42945.
git-svn-id: https://develop.svn.wordpress.org/trunk@47156 602fd350-edb4-49c9-b593-d223f7449a82
The produced ZIP archive will now include an `export.json` file along with the current `index.html`.
Props xkon.
Fixes#49029. See #46424.
git-svn-id: https://develop.svn.wordpress.org/trunk@47146 602fd350-edb4-49c9-b593-d223f7449a82
Store each generated embedded object in a temporary cache when querying for linked resources so that repeated links to the same resource do not trigger repeated queries or processing.
Props TimothyBlynJacobs.
Fixes#48838.
git-svn-id: https://develop.svn.wordpress.org/trunk@47138 602fd350-edb4-49c9-b593-d223f7449a82
This information was previously available on the Moderate Comment screen in the admin, but was missing from moderation emails.
Props imath, danieltj, andraganescu, galbaras, SergeyBiryukov.
Fixes#43805. See #43429.
git-svn-id: https://develop.svn.wordpress.org/trunk@47114 602fd350-edb4-49c9-b593-d223f7449a82
This ensures that the function has enough context to determine the necessity of replacing the month name with the correct form in locales that require it.
Props SergeyBiryukov, Rarst.
Fixes#48934.
git-svn-id: https://develop.svn.wordpress.org/trunk@47078 602fd350-edb4-49c9-b593-d223f7449a82
Previously, `wp_favicon_request()` was introduced in [13205] to avoid a performance hit of serving a full 404 page on every favicon request.
While working as intended, that implementation did not provide a way for theme or plugin authors to manage the behavior of favicon requests.
This changeset implements the following logic (only applied if WordPress is installed in the root directory):
* If there is a Site Icon set in Customizer, redirect `/favicon.ico` requests to that icon.
* Otherwise, use the WordPress logo as a default icon.
* If a physical `/favicon.ico` file exists, do nothing, let the server handle the request.
Handling `/favicon.ico` is now more consistent with handling `/robots.txt` requests.
New functions and hooks:
* Introduce `is_favicon()` conditional tag to complement `is_robots()`.
* Introduce `do_favicon` action to complement `do_robots` and use it in template loader.
* Introduce `do_favicon()` function, hooked to the above action by default, to complement `do_robots()`.
* Introduce `do_faviconico` action to complement `do_robotstxt`, for plugins to override the default behavior.
* Mark `wp_favicon_request()` as deprecated in favor of `do_favicon()`.
Props jonoaldersonwp, birgire, joostdevalk, mukesh27, SergeyBiryukov.
Fixes#47398.
git-svn-id: https://develop.svn.wordpress.org/trunk@47018 602fd350-edb4-49c9-b593-d223f7449a82
This converts the arguments originally meant for `wpmu_create_blog()` to the ones used by `wp_insert_site()`.
Follow-up to [47011].
Fixes#47195.
git-svn-id: https://develop.svn.wordpress.org/trunk@47013 602fd350-edb4-49c9-b593-d223f7449a82
Map some arguments for backward compatibility with `wpmu_create_blog()` previously used there.
Props davidbaumwald, danielbachhuber, jeremyfelt, SergeyBiryukov.
See #47195.
git-svn-id: https://develop.svn.wordpress.org/trunk@47011 602fd350-edb4-49c9-b593-d223f7449a82
Previously, the first available match was returned, regardless of the case, which was not always the expected result.
Props archon810, ben.greeley, tristangemus, vsamoletov, SergeyBiryukov.
Fixes#39768.
git-svn-id: https://develop.svn.wordpress.org/trunk@47010 602fd350-edb4-49c9-b593-d223f7449a82
r46896 was intended to have included unit tests for the block serialization functions added as part of the changeset.
Props: @aduth.
Fixes: #49048
git-svn-id: https://develop.svn.wordpress.org/trunk@46997 602fd350-edb4-49c9-b593-d223f7449a82
* Clarify in the documentation that the function returns `false` on failure.
* Consistently pass the return value through the `get_feed_build_date` filter.
Props Rarst, dd32, azaozz, tellyworth.
Fixes#48957.
git-svn-id: https://develop.svn.wordpress.org/trunk@46974 602fd350-edb4-49c9-b593-d223f7449a82
- Fix PHP warnings in `wp_unique_filename()` when the destination directory is unreadable.
- Run the final name collision test only for files that are saved to the uploads directory.
- Update the unit tests to match.
Props eden159, audrasjb, azaozz.
Fixes#48960 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@46965 602fd350-edb4-49c9-b593-d223f7449a82
Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.
Props: aduth, epiqueras,
git-svn-id: https://develop.svn.wordpress.org/trunk@46896 602fd350-edb4-49c9-b593-d223f7449a82
`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.
Props: xknown, nickdaugherty, peterwilsoncc.
git-svn-id: https://develop.svn.wordpress.org/trunk@46895 602fd350-edb4-49c9-b593-d223f7449a82
Timothy Jacobs
Sergey Biryukov
Jake Spurlock
Adam Silverstein
Andrew Ozz
Dominik Schilling
Greg Ziółkowski
Felix Arntz
Andrea Fercia
Ella van Durpe
Jonathan Desrosiers
John Blackbourn
Pascal Birchler
TimothyBlynJacobs
Aaron Jorbin
Peter Wilson
K. Adam White
SergeyBiryukov
Jorge Costa
Andrew Duthie